Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.
| Dependency | CPE | GAV | Highest Severity | CVE Count | CPE Confidence | Evidence Count |
|---|---|---|---|---|---|---|
| antlr-2.7.7.jar | | antlr:antlr:2.7.7 | | 0 | | 12 |
| aopalliance-1.0.jar | | aopalliance:aopalliance:1.0 | | 0 | | 10 |
| cglib-nodep-2.1_3.jar | | cglib:cglib-nodep:2.1_3 | | 0 | | 9 |
| guava-15.0.jar | | com.google.guava:guava:15.0 | | 0 | | 18 |
| commons-codec-1.9.jar | | commons-codec:commons-codec:1.9 | | 0 | | 28 |
| commons-collections-3.2.1.jar | cpe:/a:apache:commons_collections:3.2.1 | commons-collections:commons-collections:3.2.1 | High | 1 | HIGHEST | 25 |
| commons-io-2.4.jar | | commons-io:commons-io:2.4 | | 0 | | 26 |
| commons-logging-1.1.3.jar | | commons-logging:commons-logging:1.1.3 | | 0 | | 26 |
| dom4j-1.6.1.jar | | dom4j:dom4j:1.6.1 | | 0 | | 16 |
| netty-3.5.2.Final.jar | | io.netty:netty:3.5.2.Final | | 0 | | 17 |
| javax.servlet-api-3.0.1.jar | | javax.servlet:javax.servlet-api:3.0.1 | | 0 | | 25 |
| jsp-api-2.1.jar | | javax.servlet.jsp:jsp-api:2.1 | | 0 | | 14 |
| jstl-api-1.2.jar | | javax.servlet.jsp.jstl:jstl-api:1.2 | | 0 | | 12 |
| jstl-1.2.jar | | javax.servlet:jstl:1.2 | | 0 | | 18 |
| servlet-api-2.5.jar | | javax.servlet:servlet-api:2.5 | | 0 | | 13 |
| log4j-1.2.17.jar | cpe:/a:apache:log4j:1.2.17 | log4j:log4j:1.2.17 | | 0 | LOW | 16 |
| mx4j-tools-3.0.1.jar | | mx4j:mx4j-tools:3.0.1 | | 0 | | 11 |
| mysql-connector-java-5.1.18.jar | cpe:/a:mysql:mysql:5.1.18 | mysql:mysql-connector-java:5.1.18 | High | 101 | HIGHEST | 12 |
| jna-3.4.0.jar | | net.java.dev.jna:jna:3.4.0 | | 0 | | 11 |
| jna-3.4.0.jar: jnidispatch.dll | | | | 0 | | 1 |
| jna-3.4.0.jar: jnidispatch.dll | | | | 0 | | 1 |
| jna-3.4.0.jar: jnidispatch.dll | | | | 0 | | 1 |
| platform-3.4.0.jar | | net.java.dev.jna:platform:3.4.0 | | 0 | | 12 |
| jcip-annotations-1.0.jar | | net.jcip:jcip-annotations:1.0 | | 0 | | 9 |
| cssparser-0.9.13.jar | | net.sourceforge.cssparser:cssparser:0.9.13 | | 0 | | 11 |
| htmlunit-core-js-2.14.jar | | net.sourceforge.htmlunit:htmlunit-core-js:2.14 | | 0 | | 11 |
| htmlunit-2.14.jar | | net.sourceforge.htmlunit:htmlunit:2.14 | | 0 | | 18 |
| nekohtml-1.9.20.jar | | net.sourceforge.nekohtml:nekohtml:1.9.20 | | 0 | | 9 |
| commons-dbcp2-2.0.jar | | org.apache.commons:commons-dbcp2:2.0 | | 0 | | 26 |
| commons-exec-1.1.jar | | org.apache.commons:commons-exec:1.1 | | 0 | | 25 |
| commons-lang3-3.2.1.jar | | org.apache.commons:commons-lang3:3.2.1 | | 0 | | 26 |
| commons-pool2-2.2.jar | | org.apache.commons:commons-pool2:2.2 | | 0 | | 26 |
| httpclient-4.3.2.jar | cpe:/a:apache:httpclient:4.3.2 | org.apache.httpcomponents:httpclient:4.3.2 | Medium | 2 | HIGHEST | 22 |
| httpcore-4.3.1.jar | | org.apache.httpcomponents:httpcore:4.3.1 | | 0 | | 21 |
| httpmime-4.3.2.jar | | org.apache.httpcomponents:httpmime:4.3.2 | | 0 | | 21 |
| bcpkix-jdk15on-1.48.jar | | org.bouncycastle:bcpkix-jdk15on:1.48 | | 0 | | 28 |
| bcprov-jdk15on-1.48.jar | cpe:/a:bouncycastle:bouncy-castle-crypto-package:1.48<br>cpe:/a:bouncycastle:bouncy_castle_crypto_package:1.48 | org.bouncycastle:bcprov-jdk15on:1.48 | Medium | 1 | LOW | 25 |
| jetty-io-8.1.14.v20131031.jar | cpe:/a:eclipse:jetty:8.1.14.v20131031<br>cpe:/a:jetty:jetty:8.1.14.v20131031 | org.eclipse.jetty:jetty-io:8.1.14.v20131031 | Medium | 1 | LOW | 22 |
| hibernate-commons-annotations-4.0.1.Final.jar | | org.hibernate.common:hibernate-commons-annotations:4.0.1.Final | | 0 | | 18 |
| hibernate-core-4.1.7.Final.jar | | org.hibernate:hibernate-core:4.1.7.Final | | 0 | | 14 |
| hibernate-entitymanager-4.1.7.Final.jar | | org.hibernate:hibernate-entitymanager:4.1.7.Final | | 0 | | 14 |
| hibernate-jpa-2.0-api-1.0.1.Final.jar | | org.hibernate.javax.persistence:hibernate-jpa-2.0-api:1.0.1.Final | | 0 | | 16 |
| javassist-3.15.0-GA.jar | | org.javassist:javassist:3.15.0-GA | | 0 | | 13 |
| jboss-logging-3.1.0.GA.jar | | org.jboss.logging:jboss-logging:3.1.0.GA | | 0 | | 25 |
| jboss-transaction-api_1.1_spec-1.0.0.Final.jar | | org.jboss.spec.javax.transaction:jboss-transaction-api_1.1_spec:1.0.0.Final | | 0 | | 19 |
| json-20080701.jar | | org.json:json:20080701 | | 0 | | 11 |
| servlet-api-2.5-6.1.9.jar | cpe:/a:mortbay_jetty:jetty:6.1.9 | org.mortbay.jetty:servlet-api-2.5:6.1.9 | | 0 | LOW | 21 |
| jetty-repacked-7.6.1.jar | cpe:/a:jetty:jetty:7.6.1 | | | 0 | LOW | 7 |
| jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml | cpe:/a:eclipse:jetty:7.6.1.v20120215<br>cpe:/a:jetty:jetty:7.6.1.v20120215 | org.eclipse.jetty:jetty-io:7.6.1.v20120215 | Medium | 1 | LOW | 6 |
| selenium-api-2.42.2.jar | | org.seleniumhq.selenium:selenium-api:2.42.2 | | 0 | | 11 |
| selenium-chrome-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-chrome-driver:2.42.2 | | 0 | | 12 |
| selenium-firefox-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-firefox-driver:2.42.2 | | 0 | | 12 |
| selenium-htmlunit-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-htmlunit-driver:2.42.2 | | 0 | | 12 |
| selenium-ie-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-ie-driver:2.42.2 | | 0 | | 12 |
| selenium-java-2.42.2.jar | | org.seleniumhq.selenium:selenium-java:2.42.2 | | 0 | | 13 |
| selenium-remote-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-remote-driver:2.42.2 | | 0 | | 12 |
| selenium-safari-driver-2.42.2.jar | | org.seleniumhq.selenium:selenium-safari-driver:2.42.2 | | 0 | | 12 |
| selenium-server-2.42.2.jar | cpe:/a:jetty:jetty:2.42.2 | org.seleniumhq.selenium:selenium-server:2.42.2 | | 0 | LOW | 13 |
| selenium-server-2.42.2.jar: readystate.jar | | | | 0 | | 1 |
| selenium-server-2.42.2.jar: hudsuckr.exe | | | | 0 | | 1 |
| selenium-support-2.42.2.jar | | org.seleniumhq.selenium:selenium-support:2.42.2 | | 0 | | 12 |
| jcl-over-slf4j-1.7.5.jar | | org.slf4j:jcl-over-slf4j:1.7.5 | | 0 | | 18 |
| slf4j-api-1.7.5.jar | | org.slf4j:slf4j-api:1.7.5 | | 0 | | 18 |
| slf4j-log4j12-1.7.5.jar | | org.slf4j:slf4j-log4j12:1.7.5 | | 0 | | 18 |
| spring-aop-4.0.6.RELEASE.jar | | org.springframework:spring-aop:4.0.6.RELEASE | | 0 | | 14 |
| spring-beans-4.0.6.RELEASE.jar | | org.springframework:spring-beans:4.0.6.RELEASE | | 0 | | 13 |
| spring-context-4.0.6.RELEASE.jar | cpe:/a:context_project:context:4.0.6 | org.springframework:spring-context:4.0.6.RELEASE | | 0 | LOW | 13 |
| spring-core-4.0.6.RELEASE.jar | cpe:/a:pivotal:spring_framework:4.0.6<br>cpe:/a:springsource:spring_framework:4.0.6<br>cpe:/a:vmware:springsource_spring_framework:4.0.6 | org.springframework:spring-core:4.0.6.RELEASE | | 0 | LOW | 19 |
| spring-expression-4.0.6.RELEASE.jar | | org.springframework:spring-expression:4.0.6.RELEASE | | 0 | | 14 |
| spring-jdbc-4.0.6.RELEASE.jar | | org.springframework:spring-jdbc:4.0.6.RELEASE | | 0 | | 13 |
| spring-orm-4.0.6.RELEASE.jar | | org.springframework:spring-orm:4.0.6.RELEASE | | 0 | | 13 |
| spring-tx-4.0.6.RELEASE.jar | | org.springframework:spring-tx:4.0.6.RELEASE | | 0 | | 14 |
| spring-web-4.0.6.RELEASE.jar | | org.springframework:spring-web:4.0.6.RELEASE | | 0 | | 14 |
| spring-webmvc-4.0.6.RELEASE.jar | | org.springframework:spring-webmvc:4.0.6.RELEASE | | 0 | | 14 |
| sac-1.3.jar | | org.w3c.css:sac:1.3 | | 0 | | 13 |
| webbit-0.4.14.jar | | org.webbitserver:webbit:0.4.14 | | 0 | | 10 |
| snakeyaml-1.8.jar | | org.yaml:snakeyaml:1.8 | | 0 | | 12 |
| serializer-2.7.1.jar | | xalan:serializer:2.7.1 | | 0 | | 13 |
| xalan-2.7.1.jar | cpe:/a:apache:xalan-java:2.7.1 | xalan:xalan:2.7.1 | High | 1 | HIGHEST | 23 |
| xercesImpl-2.11.0.jar | | xerces:xercesImpl:2.11.0 | | 0 | | 24 |
| xml-apis-1.4.01.jar | | xml-apis:xml-apis:1.4.01 | | 0 | | 15 |
Description:
A framework for constructing recognizers, compilers,
and translators from grammatical descriptions containing
Java, C#, C++, or Python actions.
License:
BSD License: http://www.antlr.org/license.html
File Path: C:\Users\manjushrig\.m2\repository\antlr\antlr\2.7.7\antlr-2.7.7.jar
Description: AOP Alliance
License:
Public Domain
File Path: C:\Users\manjushrig\.m2\repository\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
File Path: C:\Users\manjushrig\.m2\repository\cglib\cglib-nodep\2.1_3\cglib-nodep-2.1_3.jar
MD5: db0e461169599af137eb24478c5292ce
SHA1: 58d3be5953547c0019e5704d6ed4ffda3b0c7c66
Referenced In Project:
EmployeeManagementSystem
Description:
Guava is a suite of core and expanded libraries that include
utility classes, google's collections, io classes, and much
much more.
Guava has two code dependencies - javax.annotation
per the JSR-305 spec and javax.inject per the JSR-330 spec.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\com\google\guava\guava\15.0\guava-15.0.jar
Description:
The Apache Commons Codec package contains simple encoder and decoders for
various formats such as Base64 and Hexadecimal. In addition to these
widely used encoders and decoders, the codec package also maintains a
collection of phonetic encoding utilities.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-codec\commons-codec\1.9\commons-codec-1.9.jar
Description: Types that extend and augment the Java Collections Framework.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-collections\commons-collections\3.2.1\commons-collections-3.2.1.jar
Severity: High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-502 Deserialization of Untrusted Data
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
Vulnerable Software & Versions:
Description:
The Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-io\commons-io\2.4\commons-io-2.4.jar
Description: Commons Logging is a thin adapter allowing configurable bridging to other,
well known logging systems.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\commons-logging\commons-logging\1.1.3\commons-logging-1.1.3.jar
Description: dom4j: the flexible XML framework for Java
File Path: C:\Users\manjushrig\.m2\repository\dom4j\dom4j\1.6.1\dom4j-1.6.1.jar
MD5: 4d8f51d3fe3900efc6e395be48030d6d
SHA1: 5d3ccc056b6f056dbf0dddfdf43894b9065a8f94
Referenced In Project:
EmployeeManagementSystem
Description:
The Netty project is an effort to provide an asynchronous event-driven
network application framework and tools for rapid development of
maintainable high performance and high scalability protocol servers and
clients. In other words, Netty is a NIO client server framework which
enables quick and easy development of network applications such as protocol
servers and clients. It greatly simplifies and streamlines network
programming such as TCP and UDP socket server.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0
File Path: C:\Users\manjushrig\.m2\repository\io\netty\netty\3.5.2.Final\netty-3.5.2.Final.jar
Description: Java.net - The Source for Java Technology Collaboration
License:
CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\javax.servlet-api\3.0.1\javax.servlet-api-3.0.1.jar
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jsp\jsp-api\2.1\jsp-api-2.1.jar
MD5: b8a34113a3a1ce29c8c60d7141f5a704
SHA1: 63f943103f250ef1f3a4d5e94d145a0f961f5316
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jsp\jstl\jstl-api\1.2\jstl-api-1.2.jar
MD5: 7fe4f9829d305ef5b257bfc52e0e97db
SHA1: f9a034c1ca1f79c03bb461805a688f944544d138
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\jstl\1.2\jstl-1.2.jar
MD5: 51e15f798e69358cb893e38c50596b9b
SHA1: 74aca283cd4f4b4f3e425f5820cda58f44409547
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\javax\servlet\servlet-api\2.5\servlet-api-2.5.jar
MD5: 69ca51af4e9a67a1027a7f95b52c3e8f
SHA1: 5959582d97d8b61f4d154ca9e495aafd16726e34
Referenced In Project:
EmployeeManagementSystem
Description: Apache Log4j 1.2
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\log4j\log4j\1.2.17\log4j-1.2.17.jar
File Path: C:\Users\manjushrig\.m2\repository\mx4j\mx4j-tools\3.0.1\mx4j-tools-3.0.1.jar
MD5: 5f345ad6d9caf2d074df1c7dba35c6c6
SHA1: df853af9fe34d4eb6f849a1b5936fddfcbe67751
Referenced In Project:
EmployeeManagementSystem
Description: Artifactory auto generated POM
File Path: C:\Users\manjushrig\.m2\repository\mysql\mysql-connector-java\5.1.18\mysql-connector-java-5.1.18.jar
MD5: 78467fb2adf7f02bcfbff3ad022bc4e9
SHA1: 85dfedad243dc0303ad7ae3a323c39421d220690
Referenced In Project:
EmployeeManagementSystem
Severity:
Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Connectors component in Oracle MySQL 5.1.34 and earlier allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Connector/J.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.3 (AV:N/AC:L/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect integrity via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.71 and earlier, 5.5.33 and earlier, and 5.6.13 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.72 and earlier, 5.5.34 and earlier, and 5.6.14 and earlier allows remote attackers to affect availability via unknown vectors related to Error Handling.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 allows remote authenticated users to affect availability via unknown vectors related to Server Options.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Full Text Search.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows local users to affect confidentiality and integrity via unknown vectors related to Server Install.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and 5.5.29 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Types.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.8 (AV:N/AC:M/Au:M/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 and earlier, and 5.6.10 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.30, has unspecified impact and attack vectors, a different vulnerability than CVE-2012-0553.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.6 (AV:L/AC:L/Au:N/C:C/I:C/A:N)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows local users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote attackers to affect availability via unknown vectors related to Server Locking.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:P/A:N)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.1.28 and earlier, allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CWE: CWE-255 Credentials Management
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.65 and earlier and 5.5.27 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Replication.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB Plugin.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Full Text Search.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.63 and earlier, and 5.5.25 and earlier, allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 9.0 (AV:N/AC:L/Au:S/C:C/I:C/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to Information Schema.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 2.1 (AV:L/AC:L/Au:N/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Protocol.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.64 and earlier, and 5.5.26 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote authenticated users to cause a denial of service (mysqld crash) via vectors related to incorrect calculation and a sort order index.
Vulnerable Software & Versions: (show all)
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote authenticated users to cause a denial of service (assertion failure and mysqld abort) by deleting a record and using HANDLER READ NEXT.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.23 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:L/Au:S/C:N/I:N/A:C)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1690.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.19 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer, a different vulnerability than CVE-2012-1703.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, and 5.5.22 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.61 and earlier, and 5.5.21 and earlier, allows remote authenticated users to affect availability, related to Server DML.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other versions including 5.5.x before 5.5.22 and 5.1.x before 5.1.62, allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VulnDisco Pack Professional 9.17. NOTE: as of 20120224, this disclosure has no actionable information. However, because the module author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes. NOTE: due to lack of details, it is not clear whether this issue is a duplicate of CVE-2012-0492 or another CVE.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.60 and earlier, and 5.5.19 and earlier, allows remote authenticated users to affect availability, related to MyISAM.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions: (show all)
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB.
Vulnerable Software & Versions: (show all)
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and 5.5.x before 5.5.28, has unspecified impact and attack vectors, a different vulnerability than CVE-2013-1492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier and 5.5.23 and earlier allows remote authenticated users to affect availability, related to GIS Extension.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 2.1 (AV:N/AC:H/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0485.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect confidentiality via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0119, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0115, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0113.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.9 (AV:N/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0112, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.0 (AV:L/AC:M/Au:S/C:P/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows local users to affect confidentiality and integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.5 (AV:N/AC:L/Au:S/C:P/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect confidentiality and availability via unknown vectors, a different vulnerability than CVE-2012-0118.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0115, CVE-2012-0119, CVE-2012-0120, CVE-2012-0485, and CVE-2012-0492.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0101.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0087 and CVE-2012-0102.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x and 5.1.x allows remote authenticated users to affect availability via unknown vectors, a different vulnerability than CVE-2012-0101 and CVE-2012-0102.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 1.7 (AV:N/AC:H/Au:M/C:N/I:P/A:N)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.0.x, 5.1.x, and 5.5.x allows remote authenticated users to affect integrity via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.x and 5.5.x allows remote attackers to affect availability via unknown vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL 5.1 before 5.1.51 allows remote authenticated users to cause a denial of service (server crash) by calling the PolyFromWKB function with Well-Known Binary (WKB) data containing a crafted number of (1) line strings or (2) line points.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-189 Numeric Errors
MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT."
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet when a LOAD DATA INFILE request generates SQL errors, which allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a crafted request.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using EXPLAIN with crafted "SELECT ... UNION ... ORDER BY (SELECT ... WHERE ...)" statements, which triggers a NULL pointer dereference in the Item_singlerow_subselect::store function.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by using the HANDLER interface and performing "alternate reads from two indexes on a table," which triggers an assertion failure.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) by creating temporary tables with nullable columns while using InnoDB, which triggers an assertion failure.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via certain arguments to the BINLOG command, which triggers an access of uninitialized memory, as demonstrated by valgrind.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (crash) via (1) IN or (2) CASE operations with NULL arguments that are explicitly specified or indirectly provided by the WITH ROLLUP modifier.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote authenticated users to cause a denial of service (mysqld daemon crash) via a join query that uses a table with a unique SET column.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to cause a denial of service (assertion failure) by modifying the (1) innodb_file_format or (2) innodb_file_per_table configuration parameters for the InnoDB storage engine, then executing a DDL statement.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.5 (AV:N/AC:M/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
MySQL before 5.1.48 allows remote authenticated users with alter database privileges to cause a denial of service (server crash and database loss) via an ALTER DATABASE command with a #mysql50# string followed by a . (dot), .. (dot dot), ../ (dot dot slash) or similar sequence, and an UPGRADE DATA DIRECTORY NAME command, which causes MySQL to move certain directories to the server data directory.
Vulnerable Software & Versions:
Severity:
Low
CVSS Score: 3.6 (AV:L/AC:L/Au:N/C:N/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL before 5.1.46 allows local users to delete the data and index files of another user's MyISAM table via a symlink attack in conjunction with the DROP TABLE command, a different vulnerability than CVE-2008-4098 and CVE-2008-7247.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 before 5.1.46 does not check privileges before uninstalling a plugin, which allows remote attackers to uninstall arbitrary plugins via the UNINSTALL PLUGIN command.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x before 5.1.50, when running in certain slave configurations in which the slave is running a newer version than the master, allows remote attackers to execute arbitrary SQL commands via custom comments.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
MySQL 5.1.x before 5.1.41 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and that can point to tables created at a future time at which a pathname is modified to contain a symlink to a subdirectory of the MySQL data home directory, related to incorrect calculation of the mysql_unpacked_real_data_home value. NOTE: this vulnerability exists because of an incomplete fix for CVE-2008-4098 and CVE-2008-2079.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CWE: CWE-20 Improper Input Validation
The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41, when OpenSSL is used, accepts a value of zero for the depth of X.509 certificates, which allows man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via a crafted certificate, as demonstrated by a certificate presented by a server linked against the yaSSL library.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not (1) properly handle errors during execution of certain SELECT statements with subqueries, and does not (2) preserve certain null_value flags during execution of statements that use the GeomFromWKB function, which allows remote authenticated users to cause a denial of service (daemon crash) via a crafted statement.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," which triggers an assertion failure.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 6.0 (AV:N/AC:M/Au:S/C:P/I:P/A:P)
CWE: CWE-59 Improper Link Resolution Before File Access ('Link Following')
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by calling CREATE TABLE with a (1) DATA DIRECTORY or (2) INDEX DIRECTORY argument referring to a subdirectory that requires following this symlink.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-134 Uncontrolled Format String
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using this token in a SQL statement.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.6 (AV:N/AC:H/Au:S/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the MySQL home data directory, which can point to tables that are created in the future.
Vulnerable Software & Versions:
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yassl_imp.cpp.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 4.0 (AV:N/AC:L/Au:S/C:N/I:N/A:P)
CWE: CWE-20 Improper Input Validation
The convert_search_mode_to_innobase function in ha_innodb.cc in the InnoDB engine in MySQL 5.1.23-BK and earlier allows remote authenticated users to cause a denial of service (database crash) via a certain CONTAINS operation on an indexed column, which triggers an assertion error.
Vulnerable Software & Versions:
Description: Java Native Access
License:
LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\w32ce-arm\jnidispatch.dll
MD5: f9761a775488b6128b46314574b59906
SHA1: de3b707726ebc4496e55509d1ceba8bcf6ad5b9c
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\win32-amd64\jnidispatch.dll
MD5: 715c98aa5955e7e07fb99d87f522e73a
SHA1: 0981d98dd34df47cd4bb915e5d20b5750eb33ef2
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\jna\3.4.0\jna-3.4.0.jar\com\sun\jna\win32-x86\jnidispatch.dll
MD5: 50754352847b5e71e11abf4d30407148
SHA1: bb2fe694c6d7bca89fd431c0984c832ed35a4f0e
Description: Java Native Access Platform
License:
LGPL, version 2.1: http://creativecommons.org/licenses/LGPL/2.1/
File Path: C:\Users\manjushrig\.m2\repository\net\java\dev\jna\platform\3.4.0\platform-3.4.0.jar
File Path: C:\Users\manjushrig\.m2\repository\net\jcip\jcip-annotations\1.0\jcip-annotations-1.0.jar
MD5: 9d5272954896c5a5d234f66b7372b17a
SHA1: afba4942caaeaf46aab0b976afd57cc7c181467e
Referenced In Project:
EmployeeManagementSystem
Description: A CSS parser which implements SAC (the Simple API for CSS).
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\cssparser\cssparser\0.9.13\cssparser-0.9.13.jar
Description:
HtmlUnit adaptation of Mozilla Rhino Javascript engine for Java.
Changes are documented by a diff (rhinoDiff.txt) contained in the generated jar files.
License:
Mozilla Public License version 2.0: http://www.mozilla.org/MPL/2.0/
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\htmlunit\htmlunit-core-js\2.14\htmlunit-core-js-2.14.jar
Description: A headless browser intended for use in testing web-based applications.
License:
Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\htmlunit\htmlunit\2.14\htmlunit-2.14.jar
Description: An HTML parser and tag balancer.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\net\sourceforge\nekohtml\nekohtml\1.9.20\nekohtml-1.9.20.jar
Description: Apache Commons DBCP software implements Database Connection Pooling
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-dbcp2\2.0\commons-dbcp2-2.0.jar
Description: A library to reliably execute external processes from within the JVM
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-exec\1.1\commons-exec-1.1.jar
Description:
Apache Commons Lang, a package of Java utility classes for the
classes that are in java.lang's hierarchy, or are considered to be so
standard as to justify existence in java.lang.
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-lang3\3.2.1\commons-lang3-3.2.1.jar
Description: Apache Commons Object Pooling Library
License:
http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\apache\commons\commons-pool2\2.2\commons-pool2-2.2.jar
Description:
HttpComponents Client
File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpclient\4.3.2\httpclient-4.3.2.jar
MD5: f5c0380ed42ed76100fb16434f3a1d35
SHA1: 10a45d03873baa34436ae54548d9f1140d4bb68a
Referenced In Project:
EmployeeManagementSystem
Severity:
Medium
CVSS Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P)
CWE: CWE-399 Resource Management Errors
http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents HttpClient before 4.3.6 ignores the http.socket.timeout configuration setting during an SSL handshake, which allows remote attackers to cause a denial of service (HTTPS call hang) via unspecified vectors.
Vulnerable Software & Versions:
Severity:
Medium
CVSS Score: 5.8 (AV:N/AC:M/Au:N/C:P/I:P/A:N)
org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents HttpClient before 4.3.5 and HttpAsyncClient before 4.0.2 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via a "CN=" string in a field in the distinguished name (DN) of a certificate, as demonstrated by the "foo,CN=www.apache.org" string in the O field.
Vulnerable Software & Versions:
Description:
HttpComponents Core (blocking I/O)
File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpcore\4.3.1\httpcore-4.3.1.jar
MD5: 26c92ab115f285c332e14b3d423d255a
SHA1: 98e2eefcf524f757188f172642ecf5e2c7421947
Referenced In Project:
EmployeeManagementSystem
Description:
HttpComponents HttpClient - MIME coded entities
File Path: C:\Users\manjushrig\.m2\repository\org\apache\httpcomponents\httpmime\4.3.2\httpmime-4.3.2.jar
MD5: 91b8eb9fb5663acaa4b7bb8f0c31a8c3
SHA1: 3202421d9425ced69919b282afa644e7ef0e8fef
Referenced In Project:
EmployeeManagementSystem
Description: The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.7. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\manjushrig\.m2\repository\org\bouncycastle\bcpkix-jdk15on\1.48\bcpkix-jdk15on-1.48.jar
Description: The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 to JDK 1.7.
License:
Bouncy Castle Licence: http://www.bouncycastle.org/licence.html
File Path: C:\Users\manjushrig\.m2\repository\org\bouncycastle\bcprov-jdk15on\1.48\bcprov-jdk15on-1.48.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
The Bouncy Castle Java library before 1.51 does not validate that a point is within the elliptic curve, which makes it easier for remote attackers to obtain private keys via a series of crafted elliptic curve Diffie-Hellman (ECDH) key exchanges, aka an "invalid curve attack."
Vulnerable Software & Versions:
Description: Administrative parent pom for Jetty modules
License:
http://www.apache.org/licenses/LICENSE-2.0, http://www.eclipse.org/org/documents/epl-v10.php
File Path: C:\Users\manjushrig\.m2\repository\org\eclipse\jetty\jetty-io\8.1.14.v20131031\jetty-io-8.1.14.v20131031.jar
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
Description: Common reflection code used in support of annotation processing
License:
GNU LESSER GENERAL PUBLIC LICENSE: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\common\hibernate-commons-annotations\4.0.1.Final\hibernate-commons-annotations-4.0.1.Final.jar
Description: A module of the Hibernate Core project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\hibernate-core\4.1.7.Final\hibernate-core-4.1.7.Final.jar
Description: A module of the Hibernate Core project
License:
GNU Lesser General Public License: http://www.gnu.org/licenses/lgpl-2.1.html
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\hibernate-entitymanager\4.1.7.Final\hibernate-entitymanager-4.1.7.Final.jar
Description:
Hibernate definition of the Java Persistence 2.0 (JSR 317) API.
License:
license.txt
File Path: C:\Users\manjushrig\.m2\repository\org\hibernate\javax\persistence\hibernate-jpa-2.0-api\1.0.1.Final\hibernate-jpa-2.0-api-1.0.1.Final.jar
Description: Javassist (JAVA programming ASSISTant) makes Java bytecode manipulation
simple. It is a class library for editing bytecodes in Java.
License:
MPL 1.1: http://www.mozilla.org/MPL/MPL-1.1.html LGPL 2.1: http://www.gnu.org/licenses/lgpl-2.1.html Apache License 2.0: http://www.apache.org/licenses/
File Path: C:\Users\manjushrig\.m2\repository\org\javassist\javassist\3.15.0-GA\javassist-3.15.0-GA.jar
Description: The JBoss Logging Framework
License:
GNU Lesser General Public License, version 2.1: http://www.gnu.org/licenses/lgpl-2.1.txt
File Path: C:\Users\manjushrig\.m2\repository\org\jboss\logging\jboss-logging\3.1.0.GA\jboss-logging-3.1.0.GA.jar
Description: The Java Transaction 1.1 API classes
File Path: C:\Users\manjushrig\.m2\repository\org\jboss\spec\javax\transaction\jboss-transaction-api_1.1_spec\1.0.0.Final\jboss-transaction-api_1.1_spec-1.0.0.Final.jar
MD5: 1df800392c432e449d9a19ed7a8f54a8
SHA1: 2ab6236535e085d86f37fd97ddfdd35c88c1a419
Referenced In Project:
EmployeeManagementSystem
Description:
JSON (JavaScript Object Notation) is a lightweight data-interchange format.
It is easy for humans to read and write. It is easy for machines to parse and generate.
It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition
- December 1999. JSON is a text format that is completely language independent but uses
conventions that are familiar to programmers of the C-family of languages, including C, C++, C#,
Java, JavaScript, Perl, Python, and many others.
These properties make JSON an ideal data-interchange language.
License:
provided without support or warranty: http://www.json.org/license.html
File Path: C:\Users\manjushrig\.m2\repository\org\json\json\20080701\json-20080701.jar
Description: Servlet Specification 2.5 API
License:
CDDL 1.0: https://glassfish.dev.java.net/public/CDDLv1.0.html
File Path: C:\Users\manjushrig\.m2\repository\org\mortbay\jetty\servlet-api-2.5\6.1.9\servlet-api-2.5-6.1.9.jar
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar
MD5: 347692e3881d4c5fd09a6b35a307ad58
SHA1: 3937008b2f7c124f52f7734eba4f6efc148799c6
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\jetty-repacked\7.6.1\jetty-repacked-7.6.1.jar\META-INF/maven/org.eclipse.jetty/jetty-io/pom.xml
MD5: 001a7f511ffb16873ea05be06bfcb1d9
SHA1: f3d8b5aa622cc3b68975088e33074b1dc4dd892f
Severity:
Medium
CVSS Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
CWE: CWE-200 Information Exposure
Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect passwords.
Vulnerable Software & Versions:
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-api\2.42.2\selenium-api-2.42.2.jar
MD5: e0103ff44b1b29596f92ff1b4559b0cb
SHA1: 4aa197c299747cb0e8f36297f56c4ce76ecc4f80
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-chrome-driver\2.42.2\selenium-chrome-driver-2.42.2.jar
MD5: 40897b2723fa8d267383b10c686b0ded
SHA1: c36ab01e47eea449942aea7f86e325ca37896be9
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-firefox-driver\2.42.2\selenium-firefox-driver-2.42.2.jar
MD5: 69beac121d62a1932f3351a70c93d0b3
SHA1: ea341c7a3b1e23b20656a76ab962ebf5fd0c02c3
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-htmlunit-driver\2.42.2\selenium-htmlunit-driver-2.42.2.jar
MD5: f6f6c5f0800356efab3e361c351f9167
SHA1: 01e2c89b6edd0250cea19432c652222eb8a732a6
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-ie-driver\2.42.2\selenium-ie-driver-2.42.2.jar
MD5: 14e4e7b6f779e4eea612334b86b5462d
SHA1: c9c16383fcd66cdf0a38d63b93c9cea808eaf9f7
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-java\2.42.2\selenium-java-2.42.2.jar
MD5: c38f61afa7a3f67056fd48cff3af0632
SHA1: 1d56722a74a495c7e588508b84b91a76cd40f362
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-remote-driver\2.42.2\selenium-remote-driver-2.42.2.jar
MD5: c13607c8242adb5ae15d97268fe6ce94
SHA1: 230a6905f2cee5ca5fc2ab31bd342e757bccad2d
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-safari-driver\2.42.2\selenium-safari-driver-2.42.2.jar
MD5: d3436d8c81900ba0630eafb12357702e
SHA1: 10dc2d7cdeeac36c9f037789ef57db35777c540c
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar
MD5: e687702111f98daa0000bc30f1fa7d96
SHA1: 932bd06f79faac2f87d58547e090f160a1e8969f
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar\customProfileDirCUSTFF\extensions\readystate@openqa.org\chrome\readystate.jar
MD5: 0bcafd7a486e7b6fc723da851db19a7b
SHA1: 63a6bdeee413d62ad8db3473797475243e99ec8e
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-server\2.42.2\selenium-server-2.42.2.jar\hudsuckr\hudsuckr.exe
MD5: 2a9cca56785eab06a70e5d35523bcec9
SHA1: 89c44639f3bd4b4c7ee05286bb1748c9ae68eab1
File Path: C:\Users\manjushrig\.m2\repository\org\seleniumhq\selenium\selenium-support\2.42.2\selenium-support-2.42.2.jar
MD5: eb831d38cb846ee3d57ee8b90aab1f94
SHA1: 77ea1515455e3c259188b29eec7775262bee2ba5
Referenced In Project:
EmployeeManagementSystem
Description: JCL 1.1.1 implemented over SLF4J
File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\jcl-over-slf4j\1.7.5\jcl-over-slf4j-1.7.5.jar
MD5: 4dde0990b45d1bbba6ee141da8fa9c25
SHA1: 0cd5970bd13fa85f7bed41ca606d6daf7cbf1365
Referenced In Project:
EmployeeManagementSystem
Description: The slf4j API
File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\slf4j-api\1.7.5\slf4j-api-1.7.5.jar
MD5: 3b1ececad9ebc3fbad2953ccf4a070ca
SHA1: 6b262da268f8ad9eff941b25503a9198f0a0ac93
Referenced In Project:
EmployeeManagementSystem
Description: SLF4J LOG4J-12 Binding
File Path: C:\Users\manjushrig\.m2\repository\org\slf4j\slf4j-log4j12\1.7.5\slf4j-log4j12-1.7.5.jar
MD5: 371e35747d6bd35e3800034bdac4150e
SHA1: 6edffc576ce104ec769d954618764f39f0f0f10d
Referenced In Project:
EmployeeManagementSystem
Description: Spring AOP
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-aop\4.0.6.RELEASE\spring-aop-4.0.6.RELEASE.jar
Description: Spring Beans
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-beans\4.0.6.RELEASE\spring-beans-4.0.6.RELEASE.jar
Description: Spring Context
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-context\4.0.6.RELEASE\spring-context-4.0.6.RELEASE.jar
Description: Spring Core
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-core\4.0.6.RELEASE\spring-core-4.0.6.RELEASE.jar
Description: Spring Expression Language (SpEL)
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-expression\4.0.6.RELEASE\spring-expression-4.0.6.RELEASE.jar
Description: Spring JDBC
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-jdbc\4.0.6.RELEASE\spring-jdbc-4.0.6.RELEASE.jar
Description: Spring Object/Relational Mapping
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-orm\4.0.6.RELEASE\spring-orm-4.0.6.RELEASE.jar
Description: Spring Transaction
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-tx\4.0.6.RELEASE\spring-tx-4.0.6.RELEASE.jar
Description: Spring Web
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-web\4.0.6.RELEASE\spring-web-4.0.6.RELEASE.jar
Description: Spring Web MVC
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\org\springframework\spring-webmvc\4.0.6.RELEASE\spring-webmvc-4.0.6.RELEASE.jar
Description: SAC is a standard interface for CSS parsers.
License:
The W3C Software License: http://www.w3.org/Consortium/Legal/copyright-software-19980720
File Path: C:\Users\manjushrig\.m2\repository\org\w3c\css\sac\1.3\sac-1.3.jar
Description: A Java event based WebSocket and HTTP server
License:
BSD License: http://www.opensource.org/licenses/bsd-license
File Path: C:\Users\manjushrig\.m2\repository\org\webbitserver\webbit\0.4.14\webbit-0.4.14.jar
Description: YAML 1.1 parser and emitter for Java
License:
Apache License Version 2.0: LICENSE.txt
File Path: C:\Users\manjushrig\.m2\repository\org\yaml\snakeyaml\1.8\snakeyaml-1.8.jar
Description:
Serializer to write out XML, HTML etc. as a stream of characters from an input DOM or from input SAX events.
File Path: C:\Users\manjushrig\.m2\repository\xalan\serializer\2.7.1\serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Project:
EmployeeManagementSystem
Description:
Xalan-Java is an XSLT processor for transforming XML documents into HTML, text, or other XML document types. It implements XSL Transformations (XSLT) Version 1.0 and XML Path Language (XPath) Version 1.0 and can be used from the command line, in an applet or a servlet, or as a module in other programs.
File Path: C:\Users\manjushrig\.m2\repository\xalan\xalan\2.7.1\xalan-2.7.1.jar
MD5: d43aad24f2c143b675292ccfef487f9c
SHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22a
Referenced In Project:
EmployeeManagementSystem
Severity:
High
CVSS Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CWE: CWE-264 Permissions, Privileges, and Access Controls
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a crafted (1) xalan:content-header, (2) xalan:entities, (3) xslt:content-header, or (4) xslt:entities property, or a Java property that is bound to the XSLT 1.0 system-property function.
Vulnerable Software & Versions:
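The finding above names the fix version (Xalan-Java 2.7.2) but the report itself only lists paths and digests. The following is an added example, not part of Dependency-Check or of the EmployeeManagementSystem project: it parses the "File Path / MD5 / SHA1 / Referenced In Project" records of this plain-text report, derives Maven coordinates from the repository path, flags any xalan:xalan artifact below 2.7.2, and verifies a file's bytes against the recorded digests. The sample input is copied from the records on this page (one of them kept with the extraction artifact where "File Path:" is fused onto the license URL); the function names, the Record class and the numeric-only version comparison are this example's own assumptions.

```python
"""Parse Dependency-Check plain-text records; flag Xalan-Java < 2.7.2; verify hashes."""
import hashlib
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample taken from the report's own records. The last "File Path:"
# is fused onto a license line, as it appears in the extracted report.
SAMPLE_REPORT = r"""
File Path: C:\Users\manjushrig\.m2\repository\xalan\serializer\2.7.1\serializer-2.7.1.jar
MD5: a6b64dfe58229bdd810263fa0cc54cff
SHA1: 4b4b18df434451249bb65a63f2fb69e215a6a020
Referenced In Project:
EmployeeManagementSystem
File Path: C:\Users\manjushrig\.m2\repository\xalan\xalan\2.7.1\xalan-2.7.1.jar
MD5: d43aad24f2c143b675292ccfef487f9c
SHA1: 75f1d83ce27bab5f29fff034fc74aa9f7266f22a
Referenced In Project:
EmployeeManagementSystem
Severity:
High
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txtFile Path: C:\Users\manjushrig\.m2\repository\xerces\xercesImpl\2.11.0\xercesImpl-2.11.0.jar
"""

# Fix version taken from the finding text: "Apache Xalan-Java before 2.7.2".
XALAN_FIXED = (2, 7, 2)


@dataclass
class Record:
    path: str
    md5: Optional[str] = None
    sha1: Optional[str] = None
    projects: List[str] = field(default_factory=list)

    def coordinates(self) -> Optional[Tuple[str, str, str]]:
        """(groupId, artifactId, version) from an assumed Maven layout:
        .../repository/<group dirs>/<artifact>/<version>/<file>.
        Entries nested inside a jar (no numeric version dir) yield None."""
        parts = [p for p in re.split(r"[\\/]", self.path) if p]
        if "repository" not in parts:
            return None
        start = parts.index("repository") + 1
        if len(parts) - start < 3 or not re.match(r"\d", parts[-2]):
            return None
        return ".".join(parts[start:-3]), parts[-3], parts[-2]


def parse_report(text: str) -> List[Record]:
    """Build one Record per 'File Path:' line; hashes and project fill it in."""
    records: List[Record] = []
    current: Optional[Record] = None
    expect_project = False
    for raw in text.splitlines():
        line = raw.strip()
        # search(), not startswith(): tolerates "File Path:" fused onto a license URL
        m = re.search(r"File Path:\s*(.+)$", line)
        if m:
            current = Record(path=m.group(1).strip())
            records.append(current)
            expect_project = False
            continue
        if current is None:
            continue
        if expect_project:
            if line:
                current.projects.append(line)
            expect_project = False
        elif line.startswith("MD5:"):
            current.md5 = line.split(":", 1)[1].strip().lower()
        elif line.startswith("SHA1:"):
            current.sha1 = line.split(":", 1)[1].strip().lower()
        elif line == "Referenced In Project:":
            expect_project = True
    return records


def version_tuple(version: str) -> Tuple[int, ...]:
    """Numeric components only (assumption: qualifiers like RELEASE are ignored)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def xalan_findings(records: List[Record]) -> List[Record]:
    """Records whose coordinates are xalan:xalan and whose version is below the fix."""
    out = []
    for rec in records:
        coords = rec.coordinates()
        if coords and coords[:2] == ("xalan", "xalan") and version_tuple(coords[2]) < XALAN_FIXED:
            out.append(rec)
    return out


def verify_hashes(rec: Record, data: bytes) -> bool:
    """True only if both recorded digests match; a record without digests is False."""
    if rec.md5 is None or rec.sha1 is None:
        return False
    return (hashlib.md5(data).hexdigest() == rec.md5
            and hashlib.sha1(data).hexdigest() == rec.sha1)


if __name__ == "__main__":
    for rec in xalan_findings(parse_report(SAMPLE_REPORT)):
        print("upgrade to >= 2.7.2:", rec.path, "sha1", rec.sha1)
```

The check mirrors the report, which flags xalan:xalan only; the digests let you confirm that the jar on disk (or in a deployed artifact) is the exact file the report analysed before acting on the finding, since a stale local repository and a rebuilt deployment can diverge.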
Description:
Xerces2 is the next generation of high performance, fully compliant XML parsers in the Apache Xerces family. This new version of Xerces introduces the Xerces Native Interface (XNI), a complete framework for building parser components and configurations that is extremely modular and easy to program.
The Apache Xerces2 parser is the reference implementation of XNI but other parser components, configurations, and parsers can be written using the Xerces Native Interface. For complete design and implementation documents, refer to the XNI Manual.
Xerces2 is a fully conforming XML Schema 1.0 processor. A partial experimental implementation of the XML Schema 1.1 Structures and Datatypes Working Drafts (December 2009) and an experimental implementation of the XML Schema Definition Language (XSD): Component Designators (SCD) Candidate Recommendation (January 2010) are provided for evaluation. For more information, refer to the XML Schema page.
Xerces2 also provides a complete implementation of the Document Object Model Level 3 Core and Load/Save W3C Recommendations and provides a complete implementation of the XML Inclusions (XInclude) W3C Recommendation. It also provides support for OASIS XML Catalogs v1.1.
Xerces2 is able to parse documents written according to the XML 1.1 Recommendation, except that it does not yet provide an option to enable normalization checking as described in section 2.13 of this specification. It also handles namespaces according to the XML Namespaces 1.1 Recommendation, and will correctly serialize XML 1.1 documents if the DOM level 3 load/save APIs are in use.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
File Path: C:\Users\manjushrig\.m2\repository\xerces\xercesImpl\2.11.0\xercesImpl-2.11.0.jar
Description: xml-commons provides an Apache-hosted set of DOM, SAX, and JAXP interfaces for use in other xml-based projects. Our hope is that we can standardize on both a common version and packaging scheme for these critical XML standards interfaces to make the lives of both our developers and users easier. The External Components portion of xml-commons contains interfaces that are defined by external standards organizations. For DOM, that's the W3C; for SAX it's David Megginson and sax.sourceforge.net; for JAXP it's Sun.
License:
The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt
The SAX License: http://www.saxproject.org/copying.html
The W3C License: http://www.w3.org/TR/2004/REC-DOM-Level-3-Core-20040407/java-binding.zip
File Path: C:\Users\manjushrig\.m2\repository\xml-apis\xml-apis\1.4.01\xml-apis-1.4.01.jar